Friday, February 11, 2022

What is Shadow IT

» Creating a “shadow IT” subculture of back-channel or underground workflow processes that are critical to the business’s operations, but are known only to a few users and fully dependent on personal technologies and applications

» Introducing new risks to the entire networking and computing infrastructure, due to the presence of unknown, and, therefore, unaddressed and unpatched, vulnerabilities, as well as threats that target normal application and user behavior, whether the vulnerability exists in the application or not

» Being exposed to noncompliance penalties for organizations that are subject to increasingly complex and stringent regulatory requirements (see Chapter 1 for several examples)

» Having employees circumvent controls with external proxies, encrypted tunnels, and remote desktop applications, making it difficult, if not impossible, for security and risk managers to see the risks they’re trying to manage

Remote Hybrid and Office work